<?php

include('pagina.php');
include('database.php');
include('auth.php');

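// Require permission level 1 before anything else on this page runs
// (validaPermissao is defined in one of the included files).
validaPermissao(1);

/*
 * Handle a submitted password-change form.
 *
 * The outcome is reported through $_GET['msg'].
 * NOTE(review): presumably the page helpers render $_GET['msg']; confirm they
 * HTML-escape it, because a msg parameter on a plain GET request would reach
 * the same output.
 */
if (isset($_POST['new_one']) && isset($_POST['new_two']))
{
	// Accept plain strings only: an array-valued field (e.g. new_one[]=x) must never reach md5().
	$currentPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;
	$newPassword = is_string($_POST['new_one']) ? $_POST['new_one'] : '';
	$newPasswordCheck = is_string($_POST['new_two']) ? $_POST['new_two'] : '';

	// The id is read from the server-side session, not from the request.
	// NOTE(review): the query helpers receive a fully built SQL string; if they
	// offer parameter binding, prefer it over interpolation.
	$employee = query_fetch("SELECT password FROM employees WHERE id='{$_SESSION[site_id]['id']}'");

	// A missing row yields an empty hash, which can never equal an md5() digest.
	$storedHash = isset($employee['password']) ? (string) $employee['password'] : '';

	// NOTE(review): unsalted MD5 is not an adequate password hash. Moving to
	// password_hash()/password_verify() has to be done together with the login
	// code and the stored values, which are outside this file, so the existing
	// scheme is kept here.
	//
	// Strict comparison is required: with != two digests that both look like
	// numeric strings are compared as numbers and can be reported equal even
	// though the strings differ.
	if ($currentPassword === null || md5($currentPassword) !== $storedHash)
	{
		$_GET['msg'] = 'Current password does not match.';
	}
	else if ($newPassword === '')
	{
		// The browser-side check in checkForm() can be bypassed, so the empty
		// password is rejected on the server as well.
		$_GET['msg'] = 'The new password field must not be empty.';
	}
	else if ($newPassword !== $newPasswordCheck)
	{
		// Strict comparison again: numeric-looking strings such as "1e3" and
		// "1000" must count as different passwords.
		$_GET['msg'] = 'The new password and its check are differents.';
	}
	else
	{
		$newHash = md5($newPassword);

		// $newHash is a hex digest, so it cannot break out of the quoted SQL literal.
		query_bd("UPDATE employees SET password='" . $newHash . "' WHERE id='{$_SESSION[site_id]['id']}'");

		// Keep the session copy in step with the database.
		// NOTE(review): presumably auth.php compares this value on later requests - confirm.
		$_SESSION[site_id]['password'] = $newHash;
		$_GET['msg'] = 'Password changed succesfully.';
	}
}

// Start the page header
pagina_inicio('ParkSys - Change password');
pagina_head();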

?>
<script type="text/javascript" language="JavaScript">

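/**
 * Browser-side convenience check for the change-password form.
 *
 * Returns false (and shows an alert) when the current password or the new
 * password is empty, or when the two new-password fields differ; returns true
 * otherwise. This only saves the user a round trip: the server must repeat the
 * same checks, because a request can be sent without running this script.
 */
function checkForm()
{
	// All three fields live in the form with id "changepass". The original
	// read new_two from document.employee_new, which does not exist on this
	// page, so the mismatch branch threw instead of returning false.
	var form = document.getElementById('changepass');

	if (form.password.value.length == 0)
	{
		alert("The password field must not be empty.");
		return false;
	}

	if (form.new_one.value.length == 0)
	{
		alert("The new password field must not be empty.");
		return false;
	}

	if (form.new_one.value != form.new_two.value)
	{
		alert("The new password check failed.");
		return false;
	}

	return true;
}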

</script>

<?php

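// Look up the contact name that belongs to the logged-in employee.
// The id is read from the server-side session and is placed unquoted in the SQL.
// NOTE(review): if the query helpers offer parameter binding, prefer it here.
$contato_employee = query_fetch("SELECT contacts.name FROM employees, contacts " .
	"WHERE employees.id = {$_SESSION[site_id]['id']} AND contacts.id = employees.contact_id");

// A missing row falls back to an empty name instead of reading an undefined index.
$employeeName = isset($contato_employee['name']) ? (string) $contato_employee['name'] : '';

// The name is stored data and must be escaped before it is placed in HTML.
// The page encoding is not visible in this file, so a single-byte charset is
// passed on purpose: only the ASCII special characters (& < > " ') are
// rewritten and every other byte passes through unchanged, which keeps both
// UTF-8 and Latin-1 names intact.
$safeName = htmlspecialchars($employeeName, ENT_QUOTES, 'ISO-8859-1');
echo "<br><h1><em>Change {$safeName}'s password</em></h1><br>";

/* Draw the form */
// checkForm() is a browser-side convenience only; the POST handler must validate again.
echo "<form id=changepass action='employee_password.php' method=POST onSubmit='return checkForm()' >";

// maxlength=20 is enforced by the browser only, not by the server.
echo "<label for=password>Current password:</label> <input type=PASSWORD id=password name=password value='' maxlength=20><br>";
echo "<label for=new_one>New password:</label> <input type=PASSWORD id=new_one name='new_one' value='' maxlength=20><br>";
echo "<label for=new_two>New password check:</label> <input type=PASSWORD id=new_two name='new_two' value='' maxlength=20><br>";
echo "<input type=SUBMIT name='submit' value='Submit'>";
echo "</form>";

// Finish the page
pagina_fim();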
?>
